# Security rule ## Security Rule Describes security rule attributes. Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. | Attribute | Type | Description | Examples | Stability | |---|---|---|---|---| | `security_rule.category` | string | A categorization value keyword used by the entity using the rule for detection of this event | `Attempted Information Leak` |  | | `security_rule.description` | string | The description of the rule generating the event. | `Block requests to public DNS over HTTPS / TLS protocols` |  | | `security_rule.license` | string | Name of the license under which the rule used to generate this event is made available. | `Apache 2.0` |  | | `security_rule.name` | string | The name of the rule or signature generating the event. | `BLOCK_DNS_over_TLS` |  | | `security_rule.reference` | string | Reference URL to additional information about the rule used to generate this event. [1] | `https://en.wikipedia.org/wiki/DNS_over_TLS` |  | | `security_rule.ruleset.name` | string | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | `Standard_Protocol_Filters` |  | | `security_rule.uuid` | string | A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. | `550e8400-e29b-41d4-a716-446655440000`; `1100110011` |  | | `security_rule.version` | string | The version / revision of the rule being used for analysis. | `1.0.0` |  | **[1] `security_rule.reference`:** The URL can point to the vendor’s documentation about the rule. If that’s not available, it can also be a link to a more general page describing this type of alert.